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ABSTRACT:  Advances  in  geographic  information  systems  (GIS)  are  causing  the  technology  to  no 
longer  be  considered  a  separate  entity,  but  rather  an  integral  component  of  the  overall  information 
technology  infrastructure.  Most  GIS  platforms  are  moving  from  simple  file-based  data  structures  to 
complex  spatial  geodatabases  built  within  large-scale  database  platforms,  such  as  Oracle.  The  move 
toward  centralized  databases  has  many  ramifications  for  how  geospatial  tools  and  data  are  distributed 
throughout  a  complex  organization  such  as  the  Coips  of  Engineers.  Project  offices,  in  particular,  represent 
a  special  challenge  due  to  the  limitations  of  their  network  connections  to  the  district  offices.  Windows 
Terminal  Server  technology  represents  one  solution  for  serving  these  resources  to  project  and  field 
offices.  This  document  addresses  some  of  the  technical  issues  related  to  the  use  of  this  technology  and 

some  of  the  advantages  and  limitations  of  such  an  approach. 
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Preface 


This  report  was  prepared  as  part  of  the  Geospatial  Technology  Research  and 
Development  Program  Work  Unit  36302,  “Integrated  Geospatial  Technologies  to 
Support  Natural  Resource  Management.”  Research  was  conducted  by  the 
Environmental  Laboratory  (EL),  U.S.  Army  Engineer  Research  and 
Development  Center  (ERDC),  Vicksburg,  MS.  The  research  was  sponsored  by 
Headquarters,  U.S.  Army  Corps  of  Engineers  (HQUSACE),  and  was  carried  out 
during  the  period  of  January  2002  to  December  2002. 

This  report  was  prepared  by  Mr.  Mark  R.  Graves,  Environmental  Systems 
Branch  (ESB),  EL.  The  study  was  under  the  general  supervision  of  Mr.  Harold 
W.  West,  Chief,  ESB;  Dr.  David  J.  Tazik,  Chief,  Ecosystem  Evaluation  and 
Engineering  Division,  EL;  and  Dr.  Edwin  A.  Theriot,  Director,  EL.  The 
HQUSACE  Technical  Monitors  were  Mr.  M.  K.  Miles  and  Ms.  Nancy  J.  Blyler. 
Reviews  were  provided  by  Dr.  Linda  P.  Peyman-Dove  and  Mr.  Scott  G.  Bourne, 
ESB. 

Commander  and  Executive  Director  of  ERDC  was  COL  James  R.  Rowan, 
EN.  Director  was  Dr.  James  R.  Houston. 


1  Introduction 


Fielding  geospatial  software  tools,  applications,  and  data  throughout  a 
district  can  be  a  costly  and  complex  task.  The  goal  is  to  provide  the  proper  tools 
to  decision  makers  while,  at  the  same  time,  minimizing  costs  -  including 
administration,  maintenance,  training,  support,  and  upgrade  expenses.  These 
challenges  are  made  more  difficult  by  the  fact  that  many  Corps  districts  include 
field  offices,  which  are  often  located  in  rural  areas  and  connected  to  the  main 
office  by  limited  network  connections. 

Many  field  offices  are  now  using  geographic  information  system  (GIS) 
software  for  a  growing  range  of  applications.  While  the  use  of  this  software  is 
yielding  increased  efficiency  and  better  management  of  Corps  resources,  it  also 
comes  at  a  cost.  Many  districts  are  now  purchasing  and  maintaining  more  copies 
of  software  than  are  required.  Field  offices  using  these  packages  often  require 
more  expensive  personal  computers  than  they  would  otherwise  need.  Finally, 
advances  in  geospatial  technology  have  resulted  in  a  shift  from  file-based 
solutions  to  a  database-oriented  approach,  which  requires  connection  to  a 
centralized  relational  database  management  system  (RDBMS),  such  as  Oracle. 
Field  offices,  with  their  limited  bandwidth  connection  to  the  main  district  office, 
are  prohibited  from  fully  realizing  the  benefits  from  such  a  corporate  approach  to 
geospatial  technology. 

The  use  of  terminal  server  technology  provides  one  avenue  to  address  some 
of  these  concerns.  This  report  deals  with  specific  issues  that  must  be  addressed 
with  the  use  of  Windows  terminal  services  to  support  serving  geospatial  software 
and  applications  in  a  manner  which  would  allow  field  offices  to  have  access  to 
the  full  range  of  geospatial  tools.  As  many  Corps  offices  are  using  the 
Environmental  Systems  Research  Institute  (ESRI)  suite  of  geospatial 
applications,  specific  considerations  for  serving  these  applications  in  a  terminal 
server  environment  are  addressed. 

While  this  document  focuses  mainly  on  geospatial  resources  and  software 
issues,  it  should  be  understood  that  Corps  districts  can  realize  many  additional 
benefits  in  deploying  many  other  types  of  applications  through  a  terminal  server. 
Indeed,  a  terminal  server  can  be  used  to  serve  almost  any  application  that  is  now 
installed  on  individual  PC’s.  For  example,  Microsoft  Office  applications,  such  as 
Word  and  Outlook,  can  be  provided  to  end  users  through  terminal  server 
sessions,  and  users  at  remote  sites,  such  as  field  offices,  can  recognize  significant 
benefits  in  terms  of  stability  and  performance. 


Chapter  1  Introduction 


1 


Evolution  of  GIS  Technology 

When  GIS  technology  was  in  its  infancy,  the  software  and  spatial  data 
required  for  geospatial  applications  usually  resided  on  individual  computers, 
manned  by  GIS  technicians  or  specialists. 

As  the  technology  has  evolved,  geospatial  applications  have  begun  to 
permeate  more  and  more  of  the  business  practices  of  the  U.S.  Army  Corps  of 
Engineers  (USACE).  In  addition,  client  software  has  been  developed  that  allows 
users  with  little  GIS  training  to  be  able  to  use  GIS  data  in  their  applications, 
especially  for  simple  tasks  such  as  displaying  layers,  overlaying  various  data 
types,  or  printing  simple  maps. 

Most  importantly,  geospatial  data  itself  has  evolved  from  residing  in 
proprietary  file  formats  to  being  fully  integrated  into  corporate  RDBMS’s  such  as 
Oracle.  The  Corps  is  now  beginning  to  view  geospatial  data  as  a  natural  part  of 
the  organization’s  data  assets  and  an  integral  component  of  the  USACE  corporate 
information  infrastructure. 

Because  of  these  many  changes,  there  has  been  the  development  of  a  move 
toward  “enterprise  GIS”  solutions,  with  the  goal  of  wisely  managing  and 
disseminating  geospatial  data  and  applications  throughout  the  entire  organization. 
The  goal  of  these  efforts  is  to  appropriately  protect  the  Corps’  investment  in 
geospatial  data  while  putting  the  appropriate  data  and  tools  into  the  hands  of 
decision  makers. 


Disseminating  Geospatial  Data  and  Applications 
to  Field  Offices 

Field  offices  represent  a  unique  challenge  for  enterprise  GIS 
implementations.  They  are  often  connected  to  the  district  headquarters  by  very 
limited  network  lines,  sometimes  using  128k  ISDN  lines. 

These  connection  limitations  have  required  project  or  field  offices  to 
maintain  copies  of  GIS  databases.  Updates  to  those  databases  by  field  personnel 
must  be  periodically  reconciled  with  the  “main”  copy  at  the  district  office.  In 
addition,  the  field  offices  must  each  maintain  their  own  GIS  software  (including 
patches,  extensions,  etc.)  and  must  possess  computer  equipment  with  sufficient 
power  to  run  the  software. 


“Thin”  Computing  Models 

To  answer  the  problem  of  distributing  geospatial  information  across  limited- 
bandwidth  networks,  thin-client  computing  models  and  technologies  have  been 
developed.  There  are  two  basic  types  of  “thin”  approaches  to  computing.  Both 
attempt  to  limit  the  amount  of  information  that  must  cross  the  network,  but  they 
accomplish  this  in  different  ways  and  serve  different  purposes.  These  are 
described  below. 
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Service-based  Internet  mapping  applications 

The  development  of  applications  such  as  ArcIMS,  GeoMedia  Webmap,  and 
the  Minnesota  Web  Mapper  represents  approaches  to  disseminate  geospatial 
information  over  the  Web  to  client  computers.  Very  small  client  applications, 
based  on  JAVA  applets  or  ActiveX,  are  delivered  to  the  client’s  Web  browser. 
Figure  1  illustrates  a  service-based  approach  to  the  distribution  of  geospatial  data 
using  ESRI’s  Internet  Mapping  Software  (IMS). 


Figure  1 .  ArcIMS  software  configuration  (Peters  2003) 


The  information  delivered  to  the  client  is  restricted  to  what  is  required  for 
display  on  the  screen.  Therefore,  network  bandwidth  use  is  limited.  However,  the 
tiny  client  applications  are  usually  rather  limited.  While  these  applications  are 
good  for  providing  access  to  end  users  with  little  or  no  GIS  training,  they  cannot 
replace  full-featured  GIS  applications  such  as  ArcGIS. 


Thin-client  technology 

Thin-client  computing  represents  somewhat  of  a  return  to  an  old  client/server 
computing  paradigm.  About  a  decade  ago,  most  major  computational  and  i/o- 
intensive  computer  applications  ran  on  large  servers.  Users  connected  to  these 
applications  through  dumb  ASCII  terminals  or  through  terminals  running  X- 
Windows.  With  the  development  of  more  and  more  advanced  PC’s,  these 
applications  started  to  move  to  the  desktop.  GIS  software  followed  this 
distributed-computing  trend. 

Unfortunately,  this  distributed-computing  trend  carries  with  it  many  negative 
aspects.  The  cost  of  maintaining  and  administering  a  large  number  of  PC’s 
throughout  an  organization  is  one  of  these.  However,  for  implementing  an 
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enterprise  GIS,  it  is  not  the  main  problem.  The  main  problem  is  distributing  GIS 
information  throughout  the  organization  to  end  users. 

To  implement  an  RDBMS-based  GIS  database  and  to  manage  that 
information  in  a  manner  similar  to  other  enterprise  databases,  then  the 
information  must  be  centrally  maintained  and  accessed  directly  by  end  users. 
However,  geospatial  databases  are  quite  large,  containing  great  amounts  of 
graphical  information.  To  support  end  users  running  GIS  software  in  a 
distributed  manner,  all  the  graphical  information  must  flow  over  the  network  to 
the  client  application.  Users  on  a  LAN  can  operate  in  this  environment;  however, 
for  users  at  a  field  office,  the  network  bandwidth  is  just  not  sufficient  to  support 
this  model.  To  date,  this  has  required  the  district  office  to  distribute  copies  of  GIS 
databases  to  field  offices.  This  violates  some  of  the  basic  rules  of  database 
management  and  will  prohibit  field  offices  from  taking  advantage  of  more 
advanced  GIS  data  structures  in  the  future. 

The  goal  of  the  thin-client  model  is  to  centralize  computing  resources  and 
recognize  associated  benefits  of  easier  maintenance  and  less  expensive  upgrades, 
while  maintaining  the  same  quality  of  service  for  the  end  user  that  could  be 
provided  by  a  dedicated  workstation.  In  a  thin-client  computing  environment, 
although  users  can  use  PC’s  as  terminals,  users  can  move  from  full-featured 
computers  to  thin-client  devices,  lightweight  machines  primarily  used  for  display 
and  input  and  which  require  less  maintenance  and  fewer  upgrades.  Organizations 
then  provide  computing  services  to  their  end  users’  thin  clients  from  high- 
powered  servers  over  a  network  connection.  Server  resources  can  be  shared 
across  many  users,  resulting  in  more  effective  utilization  of  computing  hardware 
(Nieh  et  al.  2000). 

The  network  requirements  are  limited  due  to  the  fact  that  only  keystrokes, 
mouse  clicks,  and  screen  refreshes  are  transmitted  between  the  server  and  the 
client  (Figure  2). 

This  distributive  system  of  information,  compared  with  tools  that  are  “stand¬ 
alone”  or  installed  in  a  personal  computer,  offers  the  following  advantages, 
among  others: 

•  Sharing  and  exchange  of  data. 

•  Access  to  applications  and  tools  for  analysis  and  decision  making  for  a 
more  extensive  public. 

•  Facilitates  continued  updating  of  information,  helping  to  reduce 
redundancies  (duplications)  and  improving  access  to  databases. 

•  Facilitates  the  updating  of  applications  and  disclosed  information. 

The  advantages  (and  limitations)  of  this  approach  are  presented  much  more 
fully  in  the  next  section  of  this  document. 
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Figure  2.  Overview  of  thin-client  approach  (Citrix  Systems,  Inc.  2002) 
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2  Overview  of  Terminal 
Server  Technology 


Although  Microsoft  was  a  key  player  in  the  development  of  the  distributed- 
computing  model,  with  the  release  of  versions  of  their  operating  systems  for 
larger,  more  powerful  servers  such  as  Windows  NT  4.0,  a  need  was  recognized 
for  a  product  that  would  serve  a  centralized  computing  model.  Citrix  Systems, 
Inc.,  had  already  produced  a  product  (WinFrame)  for  NT  3.0  that  would  allow 
the  operating  system  (OS)  to  support  centralized  computing.  With  NT  Server  4.0, 
Microsoft  purchased  portions  of  the  technology  from  Citrix,  integrated  the 
terminal  server  technology  into  the  OS,  and  distributed  a  special  version  of  NT 
called  “NT  4.0  Server,  Terminal  Server  Edition.”  Citrix  continued  to  make 
products,  such  as  MetaFrame,  which  enhances  the  core  features  provided  by 
Microsoft. 


Windows  Terminal  Server 

With  the  release  of  Windows  2000,  terminal  services  capabilities  were 
included  as  an  integral  component  of  the  OS  with  the  Server,  Advanced  Server, 
and  Datacenter  Server  versions.  The  fact  that  a  special  version  of  the  OS  was  no 
longer  required  has  hastened  the  acceptance  of  centralized  computing  models  by 
many  organizations. 

Even  though  the  terminal  services  included  with  Windows  2000  Server  have 
greatly  increased  in  features  compared  to  earlier  versions,  most  implementations 
of  terminal  server  technology  still  benefit  from  the  added  features  provided  by 
Citrix  MetaFrame  XP. 


Citrix  Products 

Citrix  provides  features  that  Microsoft  has  not  added  to  the  core  terminal 
services.  An  example  is  the  ability  to  do  automatic  drive  remapping,  which 
allows  users  to  have  access  to  the  server  drives  as  well  as  their  local  drives.  Other 
Citrix  features,  such  as  Speedscreen  2,  further  compress  the  data  stream  traveling 
between  the  server  and  the  client  computer,  making  sessions  even  “thinner”  and 
freeing  up  more  network  bandwidth.  Other  features,  such  as  one-to-many  and 
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many-to-one  shadowing,  are  very  helpful  when  conducting  training  or 
instruction. 


Load  balancing  is  one  of  the  most  important  features  added  by  Citrix.  As  a 
terminal  server  implementation  grows,  additional  servers  can  be  added  to  the 
server  “farm”  to  allow  for  supporting  more  users.  The  load-balancing  support 
provided  by  Citrix  is  much  more  advanced  than  that  provided  in  the  base 
terminal  services  product  provided  by  Microsoft. 

Citrix  also  provides  support,  through  their  NFuse  product  (which  is  included 
with  MetaFrame),  for  publishing  applications  via  the  Web.  This  can  be  a  very 
useful  tool  for  distributing  applications  throughout  an  organization. 

Figure  3  illustrates  the  difference  in  features  provided  by  Microsoft  Terminal 
Services  and  the  added  features  provided  by  Citrix  MetaFrame. 


|  Feature  Comparison  1 
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Figure  3.  Comparison  of  Windows  2000  Server  Terminal  Services  and 
Metaframe  features  (Citrix  Systems,  Inc.  2002) 


Chapter  2  Overview  of  Terminal  Server  Technology 


Advantages  of  a  Windows  Terminal  Server 
Implementation 

There  are  a  number  of  significant  advantages  to  the  implementation  of  a 
terminal  server  approach  to  distributing  applications  throughout  an  organization. 
Some  of  the  anticipated  benefits  are: 

•  Administration. 

o  Applications  can  be  distributed  quickly  throughout  the 

organization.  Complex  applications,  such  as  ArcGIS,  have  a  number 
of  extensions  and  patches  that  must  be  periodically  applied  to  make 
sure  users  have  access  to  the  latest  versions.  With  a  terminal  server, 
all  software,  extensions,  and  patches  will  only  have  to  be  applied 
once  -  and  not  to  multiple  computers  at  both  local  and  remote  sites. 

o  Increased  manageability  and  security  of  applications.  The 

terminal  server  will  make  use  of  RAID  storage  and  will  be  carefully 
maintained  and  backed  up  by  an  administrator.  This  will  help  protect 
the  data  and  project  files  of  users  from  catastrophic  loss. 

o  Decreased  need  to  upgrade  client  desktops  computers  as 

frequently.  Since  the  speed  of  running  applications  will  be  as  fast  to 
a  user  running  on  an  old  computer  as  to  one  using  the  fastest 
available  PC,  the  life  cycle  of  existing  computing  resources  will  be 
essentially  lengthened.  This  can  result  in  significant  savings  to  the 
district. 

o  Users  provided  with  access  to  latest  software  features.  ArcGIS 
users  will  be  able  to  make  use  of  multiuser  geodatabases  technology 
when  the  district  decides  to  implement  this  method  of  storing  GIS 
data.  Implementation  of  multiuser  geodatabases  would  not  be 
possible  to  field  offices  without  a  terminal  server  implementation. 

o  Eliminate  need  to  distribute  data  CD’s  to  field  users.  Since  users 
will  be  accessing  data  located  on  the  district  servers,  there  will  be  no 
need  to  create  and  distribute  data  CD’s  to  field  offices.  The 
distribution  and  maintenance  of  multiple  versions  and  copies  of 
databases  violates  some  basic  principles  of  data  management  and  can 
cause  severe  difficulties  for  any  organization. 

o  Ease  of  providing  technical  support  to  end  users.  Through  the  use 
of  session  shadowing,  GIS  specialists  at  the  district  will  be  able  to 
quickly  answer  questions  of  end  users  at  the  field  offices  or  other 
users  within  the  district  building. 

o  Significant  reduction  in  network  bandwidth  requirements.  Since 
applications  and  data  access  are  moved  to  a  centralized  computer 
room,  network  bandwidth  usage  is  drastically  reduced. 

•  User  Environment. 

o  Fast  access  to  district  data  resources.  GIS  users  will  be  able  to 
quickly  access  all  data  resources,  including  all  raster  imagery  such  as 
satellite  images,  digital  ortho  quads,  etc.  Anything  available  to  GIS 
users  at  the  district  office  will  also  be  available  -  at  the  same  access 
speed  -  to  users  at  the  field  offices. 
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o  Improved  application  stability.  Applications  will  be  more  stable 
because  they  will  be  kept  up  to  date  with  the  latest  software  patches. 
Also,  a  system  administrator  will  be  maintaining  the  terminal  server. 

o  Technical  support  from  district  GIS  specialists.  Through  the  use 
of  session  shadowing,  field  users  will  be  able  to  obtain  quick 
technical  support  from  GIS  specialists  located  at  the  district  office  - 
or  from  other  GIS  users  at  other  field  sites.  Session  shadowing 
allows  both  client  sessions  to  see  the  same  display  and  both  to 
control  the  mouse  and  keyboard. 

o  Data  protection.  Data  and  important  project  files  will  be  backed  up 
on  a  frequent  basis  and  will  reside  on  RAID  file  systems  -  making  it 
almost  impossible  to  suffer  a  critical  data  loss. 

o  Matching  operating  environments.  The  application  environment 
for  any  user  using  an  application  on  the  terminal  server  is  identical. 
For  example,  the  same  ArcGIS  extensions  will  be  available  to  all 
users  and,  if  a  large  data  directory  is  maintained  on  the  terminal 
server,  all  drive  paths,  environment  variables,  etc.,  will  be  identical. 
Therefore,  any  ArcMap  documents  saved  on  the  machine  could  be 
opened  by  any  other  user  (if  sufficient  permissions  apply)  without 
the  need  to  edit  the  data  connections  or  the  use  of  any  third-party 
software  to  handle  such  settings. 

Disadvantages  of  a  Windows  Terminal  Server 
Implementation 

Although  there  are  many  advantages  to  a  terminal  server  implementation, 
there  are  a  few  disadvantages.  Among  these  are: 

•  Single  point  of  failure.  If  a  terminal  server  goes  down  -  then  there  is  no 
access  to  the  GIS  applications.  A  way  around  this  is  to  adopt  a  server 
farm  approach,  in  which  the  applications  are  mirrored  on  more  than  one 
server.  This  provides  redundancy  and  allows  for  applications  to  remain 
available  even  when  an  individual  server  fails  or  is  undergoing 
maintenance. 

•  System  resources  are  shared.  System  resources  will  be  shared  by  all 
users.  Therefore,  performance  will  be  dictated  by  how  powerful  the 
server  is  and  by  how  many  simultaneous  users  are  using  the  server.  It  is 
important  in  any  terminal  server  implementation  to  carefully  plan  for 
anticipated  loads. 

•  Feeling  of  loss  of  ownership.  With  the  GIS  applications  moved  to  a 
central  server,  some  users  in  the  field  may  not  be  happy  with  the 
apparent  loss  of  control  of  the  applications. 
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Server  Sizing  and  Configuration 

To  recognize  acceptable  performance,  it  is  extremely  important  to  purchase  a 
server  that  possesses  sufficient  technical  specifications  to  support  the  anticipated 
load.  GIS  software  products,  such  as  ArcGIS,  use  a  great  deal  of  memory.  Each 
session  of  ArcMap  or  ArcCatalog  can  use  as  much  as  60  to  70  MB  of  memory. 
Therefore,  it  is  important  to  purchase  enough  memory  to  limit  paging.  (Paging  is 
what  happens  when  a  computer  runs  out  of  physical  memory  (or  RAM).)  When 
this  happens,  space  on  a  hard  disk,  which  has  been  set  aside  as  “virtual  memory,” 
is  used  in  place  of  RAM.  The  use  of  virtual  memory  instead  of  physical  memory 
has  a  drastic  negative  impact  on  performance. 

In  1998,  ESRI  and  Data  General  Corporation  (Peters  2003)  conducted  tests 
to  determine  how  well  Windows  NT  4.0,  Terminal  Server  Edition,  would  support 
multiple  users  of  ArcGIS.  Although  their  results  are  dated,  they  determined  that 
performance  scaling  on  multiple  CPU  Windows-based  servers  was  similar  to 
what  is  experienced  on  UNIX  systems  and  that  the  ArcGIS  software  performed 
well  in  a  Terminal  Server  environment,  provided  adequate  memory  is  available. 

It  is  important  to  note  that,  in  1998,  they  were  testing  the  command-line 
portion  of  ArcGIS  (now  called  Workstation  Arc/Info).  The  newer  versions  of 
ArcGIS  are  COM-based  and  can  be  expected  to  generate  more  threads  and 
require  more  system  resources  per  user. 

In  a  working  environment,  the  U.S.  Army  Engineer  Research  and 
Development  Center  (ERDC)  Environmental  Laboratory  (EL)  commonly 
supports  10  concurrent  users  running  ArcGIS  on  a  6-CPU  (700-Mhz  Pentium-Ill 
XEON  processors)  system  with  4  GB  of  RAM.  Each  user  usually  is  running  at 
least  one  instance  of  ArcMap  and  ArcCatalog.  In  addition,  many  other 
applications  are  installed  on  the  terminal  server  and  are  being  used 
simultaneously. 


Windows  and  virtual  memory  use 

Regardless  of  how  much  memory  the  server  has,  Windows  is  not  very 
efficient  in  the  use  of  virtual  memory.  When  multiple  copies  of  applications  or 
drivers  are  loaded  into  memory,  even  though  large  amounts  of  RAM  may  still  be 
available,  the  OS  makes  use  of  lots  of  slow  virtual  memory.  The  result  is  many 
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unnecessary  page  file  read  and  writes  which  slow  down  the  server.  The  ERDC 
EL  has  tested  and  purchased  a  product  called  TScale  from  KevSoft  Inc.  to  help 
solve  this  problem.  Basically,  the  software  optimizes  dynamic-linked  libraries 
(DLL’s),  causing  less  of  the  application  to  get  swapped  to  the  page  file.  The 
result  is  that  the  server  can  support  more  users,  and  users  recognize  significant 
performance  boosts. 

The  ArcGIS  application,  due  to  its  architecture,  is  particularly  susceptible  to 
performance  degradation  caused  by  poor  utilization  of  memory  resources  by  the 
OS.  Upon  installing  the  TScale  software,  each  instance  of  ArcMap  and 
ArcCatalog  recognized  a  savings  of  about  50  MB  of  virtual  memory. 

As  a  district  expands  the  use  of  terminal  servers  for  GIS  and  other 
applications,  it  may  be  worthwhile  to  pursue  the  use  of  the  TScale  software, 
particularly  when  the  load  on  terminal  servers  reaches  a  critical  level. 

Information  about  this  product  may  be  found  at  www.kevsoft.com. 


Recommendations  on  server  selection 

Recommendations  on  server  selection  are  as  follows: 

•  Purchase  as  many  processors  as  possible.  The  server  should  use  XEON 
processors  with  as  much  processor  cache  memory  as  possible. 

•  The  amount  of  system  RAM  is  extremely  important.  ArcGIS  requires  a 
great  deal  of  memory  per  user.  As  a  rule  of  thumb,  each  ArcMap  or 
ArcCatalog  session  will  require  approximately  50  to  60  MB  of  RAM. 

•  GIS  applications  are  much  more  dependent  on  fast  i/o  than  they  are  on 
processor  speed.  Purchasing  the  fastest  RAID  controllers  possible  is 
highly  recommended. 


Configuration  tips 

Configuration  tips  include: 

•  Use  a  RAID  configuration,  if  possible. 

•  Install  at  lease  two  controllers:  one  to  support  the  OS  and  one  for 
applications.  Even  if  you  must  use  one  controller,  separate  the  OS  and 
applications  as  much  as  possible. 

•  If  possible,  separate  the  applications  and  temporary  files  on  separate 
controllers. 

•  Distribute  hard  disk  access  as  much  as  possible. 

•  Do  not  install  Oracle  or  any  other  services  on  the  terminal  server.  Do  not 
use  the  terminal  server  to  support  print  serving,  etc. 

•  All  partitions  must  use  the  New  Technology  File  System. 
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•  If  possible,  only  install  one  network  protocol  on  the  server.  This  frees  up 
system  resources  and  reduces  network  traffic. 

•  Reserve  at  least  1  GB  for  user  profiles. 


Software  Licensing 

To  operate  in  a  terminal  server  environment,  two  to  three  types  of  licenses 
will  be  required  (in  addition  to  any  application-specific  licensing  requirements): 

•  Microsoft  Windows  2000  Server  Client  Access  license 

•  Citrix  MetaFrame  XP  connection  license 

And,  if  connecting  from  a  non-Windows  2000  computer: 

•  Microsoft  Windows  2000  Terminal  Services  Client  Access  license 

Licenses  from  Microsoft  and  Citrix  will  be  required  for  end  users  to  connect 
to  a  Windows  2000  Terminal  Server  running  Citrix  MetaFrame.  All  licensing  is 
transparent  to  the  end  user  on  the  client  device. 


Operating  system 

Each  device  that  initiates  a  Windows  2000  Terminal  Services  session  must 
by  licensed  with  the  following: 

•  Windows  2000  Professional  license  or  Windows  2000  Terminal  Services 
Client  Access  license. 

•  Windows  2000  Server  Client  Access  license  or  BackOffice  Family  Client 
Access  license. 

These  licenses  are  required  whether  or  not  third-party  software,  such  as 
Citrix  Metaframe,  is  used. 

It  should  be  noted  that  users  connecting  to  a  terminal  services  session  from  a 
client  computer  running  Windows  2000  do  not  require  a  Windows  2000 
Terminal  Services  Client  Access  license.  Users  running  other  OS’s,  such  as 
Linux,  Windows  98,  Windows  95,  etc.,  will  require  a  Terminal  Services  Client 
Access  license. 

Client  Access  licenses  may  be  purchased  in  two  ways:  as  per  seat  licenses,  or 
as  per  server  licenses.  Per  seat  licenses  are  permanently  assigned  to  specific 
client  computers.  When  a  user  connects  to  a  terminal  services  session  from  such 
a  device,  the  server  issues  them  a  Client  Access  license.  This  license  remains 
bound  to  this  client  and  is  not  released  when  the  client  logs  off.  Per  server 
licenses  allow  licensing  for  a  set  number  of  concurrent  users  and  are  freed  up 
when  users  log  off. 
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More  detailed  information  regarding  Windows  terminal  services  licensing 
can  be  found  at:  http://wnrw.microsoft. com/windowssemer2003/docs/ 
terms  ervlicensinz.  doc. 


Citrix  Metaframe 

With  the  release  of  MetaFrame  XP,  Citrix  changed  its  licensing  from  a 
server-based  licensing  model  to  a  connection-based  model.  This  means  that 
licenses  are  no  longer  bound  to  specific  servers  as  in  the  past.  This  is  a  benefit  if 
the  district  at  some  point  wishes  to  implement  a  terminal  server  farm,  rather  than 
a  single  terminal  server. 


Citrix  sells  three  different  versions  of  the  MetaFrame  software.  These 
differences  are  outlined  in  Figure  4. 
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Figure  4.  Citrix  Metaframe  product  versions  (Citrix  Systems,  Inc.  2002) 


For  the  typical  Corps  district,  it  is  recommended  that  MetaFrame  XPs  version 
be  purchased.  MetaFrame  XPa  adds  load  management  (load  balancing),  which 
would  only  be  useful  if  a  server  farm  is  being  implemented.  Citrix  Metaframe  XP 
Starter  Packs  are  sold  with  5-  and  20-user  connection  licenses.  Additional 
connection  licenses  can  be  purchased  in  5-,  10-,  20-,  and  50-user  packs. 

Individual  licenses  are  associated  with  current  users  on  a  system.  Therefore, 
when  a  user  logs  out,  the  license  is  released  and  available  to  another  user. 
Therefore,  a  sufficient  number  of  MetaFrame  Connection  licenses  must  be 
purchased  to  support  only  the  number  of  expected  concurrent  system  users. 
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ArcGIS  licensing 


Most  districts  have  already  purchased  single  use  licenses  for  ESRI  software 
products  such  as  Arcview.  These  licenses  are  locked  to  individual  PC’s.  When  a 
district  decides  to  pursue  a  terminal  server  implementation,  it  would  be  wise  to 
change  to  a  concurrent  (floating)  license  approach.  While  floating  licenses  cost 
more  than  single  use  licenses,  the  district  only  has  to  maintain  the  number  of 
licenses  required  to  support  the  number  of  concurrent  users  of  the  software.  The 
district  can  then  legally  install  the  ESRI  software  on  as  many  PC’s  as  it  wants. 
When  a  user  starts  up  an  application,  such  as  ArcGIS  in  ArcView  mode,  a 
request  is  made  to  a  central  server  running  the  license  manager  software.  A 
license  is  then  checked  out,  if  available,  and  when  the  user  is  finished  with  his  or 
her  session,  the  license  is  released.  Since  the  checking  out  and  releasing  of 
licenses  only  requires  a  few  bytes  of  information  to  go  over  the  network,  this 
type  of  licensing  scheme  will  work  regardless  of  whether  or  not  the  district 
chooses  to  implement  a  terminal  server. 

The  only  limitation  of  the  floating  licenses  is  that  the  end  user  system  must 
be  connected  to  the  network  in  order  to  be  able  to  check  out  a  license.  The 
district  may  wish  to  maintain  a  very  limited  number  of  single  user  licenses  for 
systems  such  as  laptops  that  will  be  used  for  travel  and  which  may  not  have 
network  access. 

ESRI  uses  the  FLEXlm  software  from  Globetrotter  Software  to  manage 
floating  licenses.  This  software  uses  port  number  27005  for  checking  out 
licenses.  In  addition,  a  hardware  key  must  be  installed  in  the  parallel  port  of  the 
license  server. 

If  a  decision  is  made  to  use  floating  licenses,  it  is  recommended  that  the 
terminal  server  NOT  be  used  as  the  license  server.  The  reasons  for  this  are 
discussed  in  the  following  section. 

Since  the  terminal  server  and  the  license  server  should  be  on  the  same  side  of 
the  firewall,  there  should  be  no  need  to  open  port  27005. 


ESRI-Specific  Considerations 

ESRI  maintains  and  frequently  updates  guidance  on  the  use  and  limitations 
of  using  their  products  in  a  terminal  server  environment.  The  ESRI  document  can 
be  accessed  at  the  following  link: 

httn: //support. esri. com/index. cfm?fa=k}70wledzebase.whiteuar>ers.viewPaper&P 

ID=43&MetaID=389. 

The  following  paragraphs  list  some  of  the  current  limitations  and 
considerations  at  the  time  this  document  was  written. 
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Terminal  server  support  from  ESRI 

ESRI  supports  ArcGIS  8.x  products  on  Windows  Terminal  Server  at  support 
level  3.  This  level  of  support  reflects  that  there  are  some  known  limitations  with 
this  operating  environment.  The  main  limitations  concern  printing  and  setting  the 
software  mode  through  the  ArcGIS  Desktop  Administrator.  These  are  discussed 
in  more  detail  below. 


ArcGIS  installation  on  terminal  servers 

As  with  all  applications  on  Windows  Terminal  Server,  new  programs  must 
be  added  through  the  Control  Panel->  Add/Remove  Programs  interface.  This  puts 
the  system  in  “install  mode.” 

Installing  ArcGIS  applications  on  a  Windows  Terminal  Server  is  not 
straightforward  as  the  installation  routine  makes  some  changes  to  the  OS 
environment  and  then  requires  a  reboot  before  proceeding  with  the  installation. 
ESRI  has  compiled  some  installation  tips  for  Windows  Terminal  Server 
(DeWeese  2002a).  The  following  are  derived  from  that  document: 

•  Prior  to  installation: 

o  Only  install  the  software  through  the  console  interface  -  not  through 
a  terminal  session.  Files  are  placed  in  temp  directories  specific  to  the 
session.  If  a  reboot  is  required,  session  temp  files  will  be  deleted. 

o  When  you  set  up  the  terminal  services  in  application  server  mode, 
you  are  given  a  choice  to  set  system  permissions  either  to  be 
compatible  with  Windows  2000  Users  or  Windows  NT  4.0  Terminal 
Server  Users.  It  is  recommended  that,  unless  absolutely  necessary, 
you  set  permissions  to  be  compatible  with  Windows  NT  4.0 
Terminal  Server  Users.  If  you  must  use  Windows  2000  permissions, 
then  you  should  consult  the  ESRI  Terminal  Server  Installation  Notes 
(DeWeese  2002a)  for  issues  related  to  these  permissions. 

o  It  is  recommended  that  the  ESRI  license  manager  software  not  reside 
on  the  terminal  server.  Indeed,  if  you  are  going  to  remap  the  system 
drive  on  the  terminal  server,  it  will  not  be  possible  to  run  the  license 
manager  software  on  the  terminal  server. 

o  Ensure  the  account  you  are  using  is  part  of  the  Administrator’s 
group. 

o  Make  sure  you  are  in  “install”  mode.  This  is  accomplished  by 
installing  programs  through  the  Control  Panels  Add/Remove 
Programs  interface. 

•  During  installation: 

o  During  the  first  part  of  the  installation,  the  install  process  may  ask 
permission  to  update  the  OS.  If  you  answer  “yes,”  files  will  be 
installed  and  the  system  will  have  to  reboot.  When  the  reboot  is 
complete  and  you  log  back  in,  you  will  be  put  back  into  the  install 
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process  automatically  -  but  the  system  will  no  longer  be  in  “install” 
mode.  Exit  the  installation  and  then  go  to  the  Control 
Panel-^  Add/Remove  Programs  interface  and  reenter  the  installation 
manually. 

•  Post  Installation: 

o  If  Workstation  Arclnfo  is  installed  on  the  terminal  (this  will  be  the 
case  only  if  the  Arclnfo  version  of  ArcGIS  is  installed  on  the 
terminal  server),  then  changes  will  need  to  be  made  to  the 
%HOMEPATH%  environment  variable.  Workstation  Arclnfo  does 
not  like  spaces  in  directory  names  and  the  default  for  Windows  2000 
is  set  to  the  path  Document  and  Settings\%USERNAME%.  You  can 
fix  this  by  modifying  the  user’s  home  directory  using  the  Terminal 
Server  Profile  tab  under  the  Computer  Management  tool.  The  name 
should  be  changed  to  the  DOS-naming  convention  using  a 
character. 

o  By  default,  Citrix  will  share  a  server  session  connection  when  two  or 
more  seamless  applications  are  launched.  This  causes  the 
environment  setting  to  be  different  for  subsequent  “seamlessly 
launched”  applications,  including  changing  the  TMP  and  TEMP 
directories  to  C:\WINNT~Temp.  This  causes  abnormal  behavior 
with  applications  such  as  ArcGIS,  including  the  inability  to  write  to 
the  TMP  and  TEMP  directories.  To  avoid  this  potential  problem, 
Citrix  session  sharing  should  be  disabled  when  running  ArcGIS.  The 
fix  is  to  add  a  “SeamlessFlags”  DWORD  with  a  value  of  “1”  to  the 
following  registry  key: 

■  Registry  Key:  HKeyLocalMachine~SYSTEl~CurrentControlSet\ 
Control\Citrix\Wfshell\TWI 

■  New  DWORD  value:  SeamlessFlags 

■  Value:  1 


Specific  ArcGIS  limitations 

Early  releases  of  terminal  server  technology  possessed  a  number  of 
limitations,  many  of  which  were  specific  to  individual  applications,  such  as 
ESRI’s  GIS  applications.  With  each  new  release  of  the  technology  more  and 
more  of  these  limitations  have  been  overcome.  Today,  there  are  really  only  a  few 
specific  limitations  that  must  be  addressed  in  serving  the  ArcGIS  applications 
through  a  terminal  server. 


Software  mode  setting 

Versions  of  ArcGIS  prior  to  8.3.  For  versions  of  ArcGIS  prior  to  8.3,  there 
was  no  way  to  set  a  software  mode  (ArcView,  ArcEditor,  or  Arclnfo)  for 
individual  user  sessions.  Since  at  the  ArcGIS  8.x  level  Arclnfo,  ArcEditor,  and 
ArcView  all  share  the  same  architecture,  it  was  impossible  for  different  terminal 
server  clients  to  run  different  modes  of  the  software.  When  the  Desktop 
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Administrator  application  is  used  to  set  the  mode  of  software  -  this  setting  affects 
ALL  users  on  the  system.  According  to  ESR1  this  is  a  hard  limitation,  with  no 
workaround;  however,  ArcView  3.x  and  ArcView8.x  can  both  be  running  at  the 
same  time  since  they  do  not  share  the  same  architecture. 

Since  this  setting  affects  all  users  on  the  terminal  server,  access  to  the 
Desktop  Administrator  should  be  restricted  to  the  Administrator  user. 

Since  this  is  such  a  hard  limitation,  it  may  be  that  power  users  at  the  district 
office  may  wish  to  use  the  Arclnfo  mode  of  the  software  on  their  local  PC’s,  as 
they  currently  do,  and  that  the  ArcView  version  of  the  software  can  be  served  on 
the  terminal  server  to  users  at  the  district. 

ArcGIS  version  8.3.  In  version  8.3,  ESRI  implemented  a  new 
ESRI_SOFTWARE_CLASS  environment  variable  that  can  be  used  to  specify  a 
level  of  the  product  to  be  used  for  individual  user  sessions.  This  variable  can  be 
set  in  the  user’s  profile  or  can  be  set  using  a  batch  file.  The  setting  of  this 
variable  overrides  the  mode  set  in  the  Desktop  Administrator  application  and 
allows  each  user  to  utilize  the  appropriate  level  of  the  software  for  their  needs. 
There  are,  however,  several  small  limitations. 

•  Due  to  the  way  ArcToolBox  DLL’s  are  registered  during  the  installation 
process,  the  Desktop  Administrator  should  be  configured  to  the  highest 
level  of  license  the  organization  possesses.  If  the  Desktop  Administrator 
application  is  used  to  set  the  mode  of  software  operation  all  users  are  still 
affected,  unless  the  ESRI_SOFTWARE_CLASS  is  used  to  override  this 
setting. 

•  The  ArcMap  title  bar  usually  displays  the  mode  in  which  the  software  is 
running  (i.e.,  “ArcMap  -  Arclnfo”  or  “ArcMap  -  ArcView”).  When  the 
ESRI_SOFTWARE_CLASS  environment  variable  is  used  to  set  the 
mode  the  user  is  running,  the  title  bar  does  not  reflect  this  setting.  For 
example,  even  though  a  user  may  be  operating  at  the  ArcView  level  of 
license,  the  title  bar  will  still  display  the  highest  level  of  product  installed 
on  the  server.  This  may  be  confusing  to  the  user,  and  there  is  no 
workaround  for  this  problem. 


Printing 

Printing  represents  probably  the  most  significant  challenge  to  the  successful 
implementation  of  a  terminal  server  for  geospatial  applications.  Users  at  the 
remote  offices  need  to  be  able  to  locally  print  large  plot  files.  These  plots  often 
contain  a  great  deal  of  raster  imagery.  It  is  not  unusual  for  GIS  plot  files  to  reach 
60  or  even  100  MB  in  size.  Obviously,  if  the  plot  files  must  traverse  the  network 
from  the  terminal  server  to  the  client’s  local  printer,  this  can  cause  serious 
problems  with  network  bandwidth. 

One  potential  solution  is  to  use  RIP  software  such  as  Image  Printer  from 
Handmade  Software  or  ESRI’s  ArcPress  to  translate  the  plot  files  from 
Encapsulated  Postscript  (which  are  very,  very  large)  into  native  printer  language, 
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such  as  RTL  used  by  Hewlett-Packard  large  format  plotters.  Users  would  plot 
their  large  map  documents  to  files  on  the  terminal  server.  Then  RIP  software 
would  do  the  translation  to  RTL  and  send  the  much  smaller  file  over  the  network 
to  the  plotter.  Since  RTL  is  the  native  language  of  the  plotter,  no  translation 
would  need  to  be  done  on  the  plotter  and  the  file  would  begin  to  print 
immediately. 

Echevarria  (2002)  specifically  addresses  the  issue  of  plotting  in  a  terminal 
services  environment. 


Digitizing 

ArcGIS  uses  Wintab  drivers  to  support  digitizing  in  the  ArcMap  desktop 
application.  These  drivers  do  not  work  in  a  Windows  Terminal  Server 
environment  at  this  time.  ESRI  is  working  with  the  Wintab  driver  providers  to 
determine  a  solution.  This  affects  users  who  wish  to  digitize  using  a  digitizer 
table.  On-screen  (or  “heads-up”)  digitizing  using  a  mouse  on  the  screen  does  not 
require  Wintab  drivers  and  works  in  a  Windows  Terminal  Server  environment. 

The  Arclnfo  workstation  software  does  not  use  the  Wintab  drivers,  but  does 
not  work  in  a  Windows  Terminal  Server  environment. 

In  summary,  at  this  point,  users  who  wish  to  digitize  using  a  digitizing  tablet 
need  to  have  the  ArcGIS  software  loaded  on  their  local  PC. 


Security 

Currently,  field  offices  in  most  Corps  districts  are  located  on  the  same  side  of 
the  firewall  as  the  resources  in  the  main  district  office.  Therefore,  the  setup  and 
configuration  of  the  terminal  server  should  be  just  like  any  other  server  within 
the  district,  and  no  special  provisions  need  to  be  made  for  a  firewall. 

Should  the  firewall  situation  be  different,  Citrix  provides  many  options  for 
securing  a  Citrix  MetaFrame  XP  server.  The  following  is  a  basic  list  of  the 
options. 


Firewall  considerations 

The  default  port  on  MetaFrame  servers  for  independent  computing 
architecture  (ICA)  sessions  is  1494.  This  port  must  be  open  on  firewalls  for 
inbound  communication  if  ICA  clients  are  outside  the  firewall.  The  port  used  on 
the  client  for  the  ICA  session  is  configured  dynamically  when  the  session  is 
established. 

The  Network  Protocol  setting  specified  for  server  location  in  the  ICA  client 
affects  the  following  deployment  issues  related  to  ICA  browsing: 

•  The  communications  protocol  the  client  uses  to  locate  servers. 
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•  The  Citrix  component  the  client  communicates  with. 

•  The  port  the  client  communicates  with. 

•  The  default  locations  the  client  contacts. 

Citrix  recommends  that  ICA  clients  use  TCP/IP+HTTP  for  ICA  browsing. 
Among  other  advantages,  this  protocol  does  not  use  user  datagram  protocol  or 
broadcasts  to  locate  terminal  servers.  To  use  the  TCP/IP+HTTP  protocol  with 
clients  outside  a  firewall,  configure  the  firewall  to  pass  inbound  HTTP  packets 
on  port  80,  the  default  port  for  the  Citrix  XML  service  on  MetaFrame  XP  servers. 
This  port  is  usually  open  on  firewalls  for  inbound  HTTP  packets  to  Web  servers. 


In  ICA  sessions,  ICA  clients  communicate  with  port  1494  on  MetaFrame 
servers.  If  the  clients  are  outside  the  firewall,  this  port  must  be  open  for  inbound 
communication  to  MetaFrame  servers  (Figure  5). 


Figure  5.  Basic  client/server  communication  (Citrix  Systems,  Inc.  2002) 


The  process  of  running  a  session  is  outlined  below: 

•  The  client  sends  a  request  to  the  Citrix  XML  service  on  port  80  on  a 
specified  server  using  HTTP. 

•  The  XML  service  sends  the  address  of  a  server  that  has  the  requested 
application. 
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•  The  ICA  client  establishes  an  ICA  session  with  the  MetaFrame  XP  server 
specified  by  the  XML  service.  ICA  packets  travel  from  the  client  to  port 
1494  on  the  server.  ICA  packets  travel  from  the  server  to  a  dynamically 
assigned  port  number  on  the  client. 


Figure  6  illustrates  the  process  if  a  demilitarized  zone  is  set  up. 


Figure  6.  Communication  with  NFuse-enabled  Web  server  (Citrix  Systems,  Inc. 
2002) 


In  a  network  configuration  with  Web  servers  in  a  demilitarized  zone  between 
firewalls,  users’  Web  browsers  send  application  requests  to  NFuse-enabled  Web 
servers.  Web  servers  send  secure  (HTTPS)  requests  to  the  Secure  Sockets  Layer 
(SSL)  relay  and  XML  service  in  the  server  farm. 

ICA  clients  establish  ICA  sessions  with  MetaFrame  XP  servers  on  port  1494. 
The  port  used  on  the  clients  is  configured  dynamically. 

If  SSL  is  used,  the  process  is  as  shown  in  Figure  7. 
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Firewall 


Figure  7.  Client  to  server  communication  with  SSL  (Citrix  Systems,  Inc.  2002) 


For  SSL  communication,  port  443  is  open  for  inbound  communication  to  the 
Citrix  SSL  relay.  The  client  communicates  with  the  SSL  relay  for  server  location 
and  ICA  session  communication. 


FIPS-140  requirements 

When  deploying  Citrix  MetaFrame  XP  in  an  environment  where  FIPS- 140 
requirements  need  to  be  met,  Feature  Release  2  of  the  software  needs  to  be 
loaded.  This  adds  support  for  transport  layer  security  (TLS),  the  latest 
standardized  version  of  SSL.  With  Feature  Release  2,  Citrix  supports 
cryptographic  modules  that  are  FIPS- 140  validated.  With  this  release  Smart 
Cards,  IPSec,  and  Government  Cyphersuite  are  supported  as  well. 

Citrix  Systems,  Inc.  (2002)  should  be  consulted  for  more  information 
regarding  FIPS- 140  level  security  considerations. 
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